From c4bbc6ca9a1d2bfe71f24a75f280d76498645d79 Mon Sep 17 00:00:00 2001
From: Timur Demin
Date: Sat, 8 Jun 2019 00:34:14 +0500
Subject: [PATCH] Make token generation a little better
---
 project_amber/helpers/auth.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/project_amber/helpers/auth.py b/project_amber/helpers/auth.py
index fa6e8a8..cda9baa 100644
--- a/project_amber/helpers/auth.py
+++ b/project_amber/helpers/auth.py
@@ -84,7 +84,7 @@ def createSession(name: str, password: str) -> str:
 raise Unauthorized # this may present no sense, but the app doesn't
 # have to reveal the presence or absence of a user in the system
 if verifyPassword(user.id, password):
- token = sha256(gensalt()).hexdigest()
+ token = sha256(gensalt() + bytes(str(time()).encode())).hexdigest()
 session = Session(token=token, user=user.id, login_time=time())
 db.session.add(session)
 db.session.commit()
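Review bot: The timestamp appended on the new `token = ...` line adds essentially no unpredictability, because the login time is guessable and a near-identical value is stored in `login_time` on the next line. The token's strength therefore still rests entirely on `gensalt()`, presumably bcrypt's salt generator, which is not meant as a session-token source. Drawing the token straight from the OS CSPRNG is simpler to audit and keeps the 64-hex-character format: `token = secrets.token_hex(32)`, which needs `import secrets` among the file's imports, outside this hunk. If the current form stays, `bytes(str(time()).encode())` can be reduced to `str(time()).encode()`, as `.encode()` already returns bytes. `createSession` starts and ends outside the hunk, so how the token is returned to the caller cannot be checked here.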